Why cryptocurrency is just so easy to steal

Cryptocurrency has been a gold mine for some, making millionaires almost overnight, but it has also ushered in a new golden age of heists, where cybercriminals can make off with millions faster than the time it takes you to finish this sentence.

Some thieves have been especially brazen in their attacks. With at least in one instance, a cryptocurrency vlogger appeared to lose millions in an attack live on YouTube.

Unfortunately, for cryptocurrency investors and enthusiasts, there isn’t that much out there in the way of protection.

CipherTrace is one of only a small handful of companies out there to protect cryptocurrency from falling into the hands of cybercriminals. Since its start in 2015, it’s one of the oldest players in the game.

‘You’re now responsible for your own security’

CipherTrace CEO David Jevans explained to Yahoo Canada Finance the cybersecurity for cryptocurrency is very immature and that it can be dramatically less secure than what’s in place for a traditional bank account.

That’s particularly true for those who manage their cryptocurrency themselves.

“You can control your own cryptocurrency on your own phone or your own computer,” Jevans says. “But the problem is you’re now responsible for your own security.”

Making matters worse he says is that cyber thieves could take full control of someone’s cryptocurrency with only a small code, which they could easily get through a phishing attack.

“Imagine a document on your computer that has 24 words on it, and if they copy that, they get all your cryptocurrency,” he says. “You better be like your own chief security officer.”

Jevans says criminals are not just targeting individual investors through phishing and malware, but cryptocurrency exchanges as well in an effort to copy all of their private keys to steal money.

“Who would I rather phish? A customer of a bank where the bank had 15 years of figuring out anti-phishing technology … or would I rather go after a cryptocurrency exchange that is sitting on $40 billion, [that’s] a startup that didn’t exist two years ago? Well, I know who I’d go after,” he says.

Millions in crypto theft possibly unreported

While several large-scale cryptocurrency thefts have made headlines in recent months, Jevans estimates that $400-$500 million of cryptocurrency theft is still unreported and that doesn’t include smaller phishing cases where people could lose $25,000.

He believes small and large-scale thefts are going to be on the rise but also expects cybersecurity to improve. He says some of the biggest exchanges have already taken steps to improve security.

“The big guys like Coinbase, for example, is, I think, an exemplar in the space. They have a good security team. They have bank secrecy agents, bank secrecy officers, that work with the bank to make sure they’re compliant.”

However, he says smaller exchanges aren’t as adept yet but soon will be.

“You’ll see smaller guys that don’t have a clue yet, but when they see one of their peers get robbed for $20 million, $50 million, $500 million, they’re starting to wake up as well.”

‘They’re coming after your money’

To prevent getting your cryptocurrency stolen, Jevans says investors should work with very large exchanges that have insurance behind them.

“A lot of people say, ‘Don’t trust third party to put your crypto in’ but I’m of the other side which is if you’re dealing with a company, a big reputable exchange that has those qualities, your money is probably safer than you protecting it yourself.”

He also recommends that investors follow many of the standard security tips they usually would follow when online. That includes avoiding phishing attacks by not clicking links in emails, using two-factor authentication and installing antivirus software.

“It’s not widely reported, but there’s a lot of malware out there that is trying to steal your cryptocurrency — lots of it,” he says.

“I know it’s inconvenient — trust me. When people stole over a billion dollars in the last year, they’re coming after your money. I don’t care who you are, they’re coming after your money, so do it.”